Return value

sanitize()

Parses a string into an HTML document, sanitizes the document, and returns the result serialized to a string.

The sanitizer is designed to protect against XSS when sanitized content is inserted into a different-origin context without an iframe-equivalent sandboxing mechanism.

By default, the sanitizer doesn't try to avoid leaking information that the content was viewed to third parties. That is, by default, for example <img> with a source pointing to an HTTP server potentially controlled by a third party is not removed. To avoid ambient information leakage upon loading the sanitized content, use the SanitizerInternalEmbedsOnly flag. In that case, <a> links (and similar) to other content are preserved, so an explicit user action (following a link) after the content has been loaded can still leak information.

By default, non-dangerous non-CSS presentational HTML elements and attributes or forms are not removed. To remove these, use SanitizerDropNonCSSPresentation and/or SanitizerDropForms.

By default, comments and CSS is removed. To preserve comments, use SanitizerAllowComments. To preserve <style> elements and style attributes on other elements, use SanitizerAllowStyle. -moz-binding is removed from <style> elements and style attributes if present. In this case, properties that Gecko doesn't recognize can get removed as a side effect.

Note: If -moz-binding is not present, <style> elements and style attributes, and if SanitizerAllowStyle is specified, the sanitized content may still be XSS dangerous if loaded into a non-Gecko Web engine!

AString sanitize(
in AString src,
in unsigned long flags
);

Parameters

src

The HTML source to parse (C++ callers are allowed but not required to use the same string for the return value).